GRE / IPSEC pass through

I am in the process of setting up a new facility.  I have a vendor who is going to be onsite and will have his own network.  I have a cisco 2811and I am in the initial configuration stage, so nothing is locked down, yet!  This vendor has his own cisco router, and is going to connect via gre / ipsec to his corporate network.  I have configured a static nat that takes all the traffic from the public ip address, nats it to the static address (the vendors router interface).  The tunnel doesn't come up.  Am I missing something?  Can I pass this through with static nat?  My code pieces are below.  Thanks in advance for any help someone can provide.  I am also using dynamic nat on the serial interface for browsing.
interface FastEthernet0/1.31
 description vendor network
 encapsulation dot1Q 31
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
interface Serial0/0/0:0
 description Connection to internet
 bandwidth 1536
 ip address 12.y.y.5
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no cdp enable
ip nat inside source static 12.x.x.1 
ip nat inside source static 
! 12.x.x.1 public ip address on my network (vendor connects to this address)
! vendors ethernet port on their router

Open in new window

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You are missing "ip nat inside" on the Fa0/1.31 interface.

conf t
interface FastEthernet0/1.31
ip nat inside

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
holidayinnexpressAuthor Commented:
Jfrederick you are exactly correct.  I noticed this yesterday, and inserted that statement.  The GRE tunnel established but we could never get the ipsec up and ultimately traffic to pass.  I was receiving unexpected packet on port 4500.  We decided to punt on this and i ended up putting the public address on the ethernet port and locking it down with acl's.  Thanks for the response.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocol Security

From novice to tech pro — start learning today.